There are BIG changes coming that could affect your website – Act Now!

HTTPS, SSL, TLS & why you need it

From January 2017, new layers of security known as HTTPS and SSL/TLS will be introduced by Google Chrome which means browsers will see a security warning message on all sites accessed by the browser which do not have these layers incorporated.

The first effect of this is that potential browsers could be put off from accessing your site choosing a site that appears to be safer and secondly, your site will not score so highly in searches if HTTPS and SSL/TLS are not incorporated.

What’s it all about?

Starting with HTTPS – we are all familiar with HTTP coming up on address bars when we use a web address. It stands for ‘Hypertext Transfer Protocol’ and is the way that we ‘talk’ on the worldwide web. HTTPS – note the extra S at the end, stands for ‘Hypertext Transfer Protocol SECURE’. Regular users of sites such as Amazon will recall that it already appears and what it actually does is prevents eavesdroppers from seeing information that visitors to your site send to you or receive from you by encrypting it so that only the server can decode it.

What about SSL/TLS?

Turning now to SSL/TLS – those initialisms stand for Secure Sockets Layer and Transport Layer Security.

SSL has been around for a while and now the latest upgrade is known as TLS. They are both effectively stamps of approval that a website is secure and are officially referred to as certificates. If you go to a website that has no padlock on the address bar and change http:// to https:// the site will still load BUT without SSL/TLS a warning will be displayed by Google Chrome that even though you have requested information on a secure connection, the data is not being sent by that method and that the site may not be totally secure – many will heed the warning and move elsewhere!

So, what does this mean in real terms – it means you must provide information about yourself as the domain/website owner and the website itself. Once a certificate is issued it is installed on the server and provides these security benefits:

Identity authentication – the browser determines whether a web server is the right server and not an imposter

Privacy – information between the browser and web server is kept private by using encryption

Data integrity – messages between the browser and web server cannot be altered by others (for example during a ‘man-in-the-middle’ attack).

Once you obtain the right certificates your address bar will always show a padlock and always say https:// before your hostname.

Google is leading the way on this initiative and even if you don’t use Chrome or don’t think many people use it to access your website, you can’t afford for anyone to be suspicious about the authenticity of your website.

Google has issued an announcement that it plans to label ALL sites that only use http as non-secure as a step towards making the worldwide web a safer place.

And Google will just be the tip of the iceberg – what one does, others soon follow.

Here at Cloud 9 we can sort this for you – and it’s not an expensive exercise.